Windows 10 Iot Enterprise Activation Guide
Version 1.0
Contents
........................1
Introduction...........................................................................................................................................................................................................................2
What is activation?..............................................................................................................................................................................................................2
Activation process overview............................................................................................................................................................................................3
Enabling Activation.............................................................................................................................................................................................................4
Product Keys.....................................................................................................................................................................................................................4
Finalizing the OEM Image ...........................................................................................................................................................................................4
Activation methods.............................................................................................................................................................................................................5
Direct connection............................................................................................................................................................................................................5
Internet via proxy tool ..................................................................................................................................................................................................5
No Internet connectivity ..............................................................................................................................................................................................5
Activation tools ....................................................................................................................................................................................................................5
Volume Activation Management Tool 3.1 (VAMT 3.1) ....................................................................................................................................5
Windows Software Licensing Management Tool (Slmgr.vbs).......................................................................................................................6
Windows Activation UI (Slui.exe)..............................................................................................................................................................................6
Reactivation ...........................................................................................................................................................................................................................6
Activate a Windows 10 IoT Enterprise device by using a direct Internet connection .........................................................................6
Activate a device over the Internet by using VAMT 3.1 ..................................................................................................................................8
Activate a Windows 10 IoT Enterprise device by using a proxy connection to the Internet......................................................... 11
Activate a Windows 10 IoT Enterprise device by using a telephone ...................................................................................................... 18
Windows 10 IoT Activation Guide 1
Introduction
This guide is intended to provide an overview and detailed guidance on how to activate and reactivate Windows 10 IoT Enterprise images in both the factory and the field.
All Windows 10 IoT Enterprise devices must be enabled for activation. Device activation may be completed by having devices contact
Microsoft activation verification servers directly through an Internet connection or indirectly via a proxy tool. Alternatively, Windows
10 IoT offers a third option, allowing devices not connected to the Internet to remain in a deferred activation state, as described further below. This option is new to Windows 10 IoT.
This guide is primarily intended as a resource for individuals required to perform this activation process; however, it is also useful as a resource for administrators, planners, and technicians in other roles who need to understand how activation works or how to activate a device.
What is activation?
Activation is the process of registering Windows 10 IoT Enterprise with Microsoft to ensure the product is genuine. Activation is used to:
1. Reduce software piracy.
2. Protect the software industry, corporate intellectual property, software development investments, and product quality.
3. Ensure customers receive the product quality they expect.
By default, you must enable each device for activation. If the device is not connected to the Internet, it will remain in a deferred activation state. If the device is connected to the Internet, the device will automatically activate over the Internet. If the device connects to the Internet and the activation attempt fails due to an invalid licensing key or one that has exceeded its activation allotment, it will enter a not activated state. Thus, there are three potential device states:
1. Activated state
2. Deferred activation state
3. Not activated state
After a device has been activated, it will remain activated unless a significant change triggers a need to reactivate the device, such as a motherboard replacement or completely reimaging the device.
Windows 10 IoT Activation Guide 2
Activation process overview
Each device must have a valid license key to support activation, and the process of activation encompasses several distinct steps, as follows:
1. Obtain a product key and apply it to the device.
2. Retrieve the licensing status information from the device.
3. Connect for activation, or leave in deferred activation state. a. Leave the device in a state of deferred activation. b. To activate: connect device to Internet directly; connect device to Internet indirectly using the proxy activation tool; or activate through Microsoft licensing servers using a telephone if no Internet connection is available. At this point, the device will automatically (or, in the case of telephone option, via user input) send licensing status. The device will then automatically: i. Retrieve a confirmation ID from the Microsoft licensing servers. ii. Apply the confirmation ID to your device. The device is now activated.
4. OEMs may have a sales-out reporting requirement to report licenses used.
Windows 10 IoT Activation Guide 3
Not activated behavior
When a Windows 10 IoT Enterprise device activation attempt fails due to an invalid licensing key or one that has exceeded its activation allotment, the device displays an immersive watermark on the lower-right corner of each attached display. This watermark appears 3 hours after the failed activation attempt. In addition, you cannot change the Windows personalization settings, such as the desktop background or the lock screen background, on a device that is not activated. These are the differences between a device that is not activated versus a device that is activated or in a deferred activation state.
Enabling Activation
The following sections describes the process for an OEM to build a device that is enabled for activation.
Product Keys
Product keys that apply to Windows 10 IoT Enterprise.
Embedded Product Key Entry Activation (ePKEA) ePKEA keys are distributed to and supported by an OEM. This type of product key is used to activate multiple devices, multiple times, up to the limit imposed on the key.
Product Key Entry Activation (PKEA) keys
PKEA keys are distributed to and supported by an OEM. This type of product key is used to activate a single installation of Windows per unique key.
OEM activation 3.0 (OA 3.0) key
OA 3.0 keys are obtained solely by using the OEM Activation 3.0 system. If you are interested in using this system, please contact your
Microsoft representative.
Note: This document does not address the use of this product key specifically.
Finalizing the OEM Image
The following steps will allow you to suppress the license key dialog that appears in the out of box experience after Sysprep is run, protect your product key from being extracted from the image illegally, and prepare your master image for mass deployment. The order in which these commands are performed is very important.
Required Update: Security Update KB3074679
1. Insert your media into the target device and boot into Windows 10 setup
2. Enter your OEM ePKEA or PKEA: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
3. At elevated prompt, run: Sysprep /audit /reboot
4. After reboot, cancel the sysprep dialog, remove user created during setup, and make any other modifications required such as installing OEM value add applications, drivers, etc. Once complete continue with step 5
5. Confirm Security Update KB3074679 is installed, if it is not please install it now.
6. At elevated command prompt run: Slmgr /cpky
7. Next, type: Sysprep /oobe /generalize /quit
8. Next, type: reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE /v SetupDisplayedProductKey /t
REG_DWORD /d 1
9. Exit command prompt and shutdown
10. (capture and deploy if mass producing)
Windows 10 IoT Activation Guide 4
When OEM’s customer boots the device they will proceed through OOBE (unless OEM has automated with unattend). Note: No
Prompt for Product Key entry
Activation methods
All Windows 10 IoT Enterprise images must be enabled for activation, which includes activation and deferred activation. If the device is never connected to the Internet, it will remain in a deferred activation state. If you decide to fully activate the image, rather than staying in deferred activation state, then the deciding factor in how and when to activate an image is usually what kind of Internet connection your device has available and the needs and expectations of the final customer.
The first factor in deciding how to activate your Windows 10 IoT Enterprise device is to determine what type of Internet connection is available to your device – direct Internet connection, Internet via proxy tool, or no Internet connectivity.
Direct connection
In this situation, a device has access to a public network so it can directly contact the Microsoft activation servers to complete the activation process. The device must be able to send and receive information across TCP ports 80 and 443.
Internet via proxy tool
In this situation, a device may have access to a private network but no access directly to the Internet. Proxy activation tools can be used in this case to complete the activation process between the device on the private network and the Microsoft activation servers on the public network.
For more information about activating a device in this scenario, see Volume Activation Management Tool Technical Reference:
No Internet connectivity
Situations in which there is no Internet connectivity include when the device has no networking capability, the factory has no Internet connectivity, the device is connected to a private network that does not have Internet connectivity, or the device cannot be connected (even indirectly through a proxy) to the Internet because of security considerations. In these situations, you can use a telephone to activate your device.
For more information about activating a device in this scenario, see How to Contact a Microsoft Product Activation Center by Phone:
Alternatively, you may choose to leave the device in deferred activation state.
Activation and write filters
All activation processes require that the device has write filters disabled. Although activation initially succeeds if write filters are enabled, restarting the device resets the activation status, and you must reactivate the device.
Activation tools
You use the following tools in various activation scenarios.
Volume Activation Management Tool 3.1 (VAMT 3.1)
You can use VAMT 3.1 to centrally manage activation status for Windows 10 IoT Enterprise devices over a network. You can download this tool for free. For more information see What’s New for ADK in Windows 10:
Just manually select Volume Activation Management Tool (VAMT) to install, because it is not selected by default. If you do not have a Microsoft SQL Server 2008 or later database available for VAMT to use, you should also select SQL Server Express 2012 to install, because VAMT requires a connection to a SQL Server database. You can choose not to install any of the other features, because they are not required for VAMT.
For more information about VAMT 3.1, see Volume Activation Management Tool Technical Reference:
Windows 10 IoT Activation Guide 5
Windows Software Licensing Management Tool (Slmgr.vbs)
This command line tool enables you to manage product keys and activation status on a Windows 10 IoT Enterprise device. This tool is available on every Windows 10 IoT Enterprise operating system.
For more information about Slmgr, see Slmgr.vbs Options on TechNet:
Windows Activation UI (Slui.exe)
This tool launches the Windows Activation UI that allows you to enter a license key. This tool is available on every Windows 10 IoT
Enterprise operating system.
Reactivation
Certain scenarios can cause a device to require to be reactivated. Any time a change is made to an activated device, the device is classified as either in-tolerance or out-of-tolerance. In many cases, you can make minor changes to the hardware, such as adding additional RAM or swapping out a hard drive, without requiring the device to be reactivated. Major hardware changes, such as changing the motherboard of a device, can cause a device to be considered out-of-tolerance, which sets the device back to a not activated state. A large number of small hardware changes made at once can also push a device to out-of-tolerance, even if the individual changes themselves would be considered in-tolerance.
Attaching and detaching USB devices or other peripheral hardware has no effect on the tolerance state of the device.
When a Windows 10 IoT Enterprise device requires reactivation, a watermark is displayed in the lower-right corner of each attached display, indicating that the device is not activated. In addition, you cannot change the Windows personalization settings, such as the desktop background or the lock screen background. The device continues to work as normal, and there are no other changes in the behavior of the device.
In most cases, you can reactivate the device in the same manner that you would activate a new device, as outlined in this guide.
Depending on the type of product key you have used, reactivating a device has different implications. For ePKEA keys, reactivating a device can use up one of the pool of available keys, although multiple reactivations of the same device should reuse the reactivated key, as long as the hardware of the device has not significantly changed.
Activate a Windows 10 IoT Enterprise device by using a direct Internet connection
In most cases, a Windows 10 IoT Enterprise device directly connected to the Internet will activate automatically without user intervention. You can also use the following procedures to activate your device:
▪
Activate a Device Manually Using a Direct Internet Connection
Activate a Device Over the Internet Using VAMT 3.1
▪
Activate a device manually by using a direct Internet connection
If your device has a direct Internet connection, you can manually activate your device using either the command line or the Windows
Activation UI.
Windows 10 IoT Enterprise provides the following two command line tools that you can use to manage your activation status:
▪
Slmgr.vbs – The Windows Software Licensing Management Tool lets you manage product keys and activation status.
Slui.exe – This tool launches the Windows Activation UI.
▪
Activate a device manually by using a direct Internet connection and the command line
Prerequisites:
▪
Windows 10 IoT Enterprise is installed on your device.
Your device has a direct Internet connection.
▪
Windows 10 IoT Activation Guide 6
You have administrator rights on the device.
To activate:
1. On your device, open a command prompt as Administrator.
2. Navigate to the system drive :\Windows\System32 folder, and then type cscript slmgr.vbs /ato
3. Type cscript slmgr.vbs /dlv, and then verify that the License Status now displays Licensed.
Activate a device manually by using a direct Internet connection and Windows Activation UI
Prerequisites:
▪
▪
▪
Windows 10 IoT Enterprise is installed on your device.
Your device has a direct Internet connection.
You have administrator rights on the device.
To activate:
1. On your device, do one of the following: a. Open a command prompt as Administrator and type the following command to launch the Windows Activation UI:
SLUI
-orb. Open the Windows 10 Settings Menu, and navigate to Open Settings. c. Click Updates Security. d. Click Activation. e. Click Activate.
2. After a few minutes, your device will be activated.
Windows 10 IoT Activation Guide 7
Automatically activate a device by using a direct Internet connection after setup
By default, Windows 10 IoT Enterprise devices will automatically activate upon first connection to the Internet.
Prerequisites:
▪
▪
▪
Direct Internet connection for your device.
Your device’s master image has been created with a valid product key.
Administrator user rights to the master or reference image.
To activate:
Device will activate automatically when connected to Internet; however, if you would like to ensure this activation occurs at a specific time, then you can use this method:
1. On your master or reference device, open a command prompt as an Administrator.
2. Type the following to add the registry key to enable automatic activation:
Reg add HkLm\Software\microsoft\Windows\CurrentVersion\RunOnce /v autoactivate /t REG_SZ /d “ system drive :\windows\system32\slmgr.vbs /ato”
3. In the command prompt window, navigate to the %systemdrive%\Windows\System32\Sysprep folder and generalize your image by typing sysprep /generalize
4. Deploy the sysprepped image to manufacturing. When this image is deployed to a device and the device is started for the first time, it will automatically attempt to activate when an Internet connection is available.
Activate a device over the Internet by using VAMT 3.1
If your device does not have a display or does not have a method of user input, or if you have a large number of devices on a network and you want to activate them remotely, you can use the Volume Activation Management Tool 3.1 (VAMT 3.1) to remotely activate devices on a network. This tool is distributed for free.
For more information about VAMT 3.1, please see Volume Activation Management Tool Technical Reference:
To activate a device over the Internet by using VAMT 3.1
Prerequisites:
▪
VAMT 3.1 host, which includes the following:
VAMT 3.1 tool is installed.
The VAMT 3.1 host has Internet access.
The VAMT 3.1 host has private network connectivity.
▪
▪
Windows PowerShell 4.0 is installed.
The device to be activated contains the following:
Configured WMI/PowerShell remote access.
For more information, see Allow WMI/PowerShell Remote Access on a Device:
Private network connectivity.
Direct Internet connectivity.
An administrator account with a password.
Windows 10 IoT Activation Guide 8
1. On the VAMT 3.1 host, open VAMT 3.1.
2. In the left pane, expand the Products node, right-click the Windows node, and then click Discover products.
3. In the Discover products dialog box, select Manually enter name or IP address, and then enter the name or IP address of the device you are going to activate.
4. When VAMT 3.1 successfully locates the device, it will display it in the center pane.
Note: You can search for the device or devices you want to activate in several different ways. For information about the other options, see Volume Activation Management Tool Technical Reference:
5. Right-click the device in the center pane, click Update license status, and then click Alternate credential.
Windows 10 IoT Activation Guide 9
7. A window will open and display the status of the attempts by VAMT 3.1 to update the device’s information. This update can take several minutes to complete.
8. When the process has completed, click Close. VAMT 3.1 now displays the License Status value of the device as
Notification in the center pane.
9. Right-click the device in the center pane, click Activate, click Online activate, and then click Alternate credential.
Windows 10 IoT Activation Guide 10
11. A window displays the status of the attempts by VAMT 3.1 to activate the device over the Internet. After a few minutes, the device will be activated. Note that the value in the License Status column has now changed to Licensed.
Activate a Windows 10 IoT Enterprise device by using a proxy connection to the Internet
If your device is (or can be) connected to a private network, but does not have direct access to the Internet, you can use a proxy server to act as an intermediary between the device and the Internet. The proxy server functions as a bridge between the private network and the Internet, and enables the device to communicate indirectly with the Microsoft activation servers.
The tool that enables you to use a proxy server to activate Windows 10 IoT Enterprise devices over a network is the Volume
Activation Management Tool 3.1 (VAMT 3.1). This tool is distributed for free. For more information about VAMT 3.1, please see
Volume Activation Management Tool Technical Reference:
Activate a device over a private network by using VAMT 3.1 on a proxy computer
The basic flow of this process is:
1. Connect your proxy computer, which has VAMT 3.1 installed on it and access to the Internet, to the private network that your Windows 10 IoT Enterprise device is on.
2. Use VAMT 3.1 to discover your device and add your device information to the VAMT 3.1 host’s database.
3. The VAMT 3.1 host contacts the Microsoft activation server over the Internet and transmits the license information of the device.
4. The Microsoft activation server returns a Confirmation ID (CID) for the device to the VAMT 3.1 host.
5. The VAMT 3.1 host applies that confirmation ID to the device. The device is now activated.
This process can be done on a device-by-device basis but is also scriptable to allow for automation or multiple-device activation.
Windows 10 IoT Activation Guide 11
The following procedures below describe this process in greater detail:
▪
Activate an Individual Device over a Private Network by Using VAMT 3.1